Best tools for red and blue teams are methodology, experience

Kacy Zurkus | Oct. 13, 2016

In many ways, parenting and security have a lot in common. No book exists that provides all of the answers. There is no silver bullet, and both roles can be overwhelmingly stressful. Getting into the mind of the enemy, though, may be a little easier than understanding the inner workings of the teenage mind.

Parents are the blue team: they want to know how susceptible their children are to life's many temptations and pitfalls. The red team is every possible danger that could harm a child, everyone and everything trying to get in. The attacker needs only one exploitable vulnerability; the greater challenge falls to the blue team, which has to protect its domain by finding that weakness first, without putting too many limitations and restrictions on users.

That's why many of the tools in the red and blue team security toolkit are not products so much as methodologies. When security teams step back to consider what belongs in their toolboxes, they may find that the answer has less to do with technology than with people and process.

Peter Wood, CEO of ethical hacking firm First Base Technologies, said, "Red teaming involves multiple stages, from open source research, through social engineering, end point and network exploitation, to data exfiltration, so the tools required are many and varied."

Red teams can use a variety of tools depending on their preferred approach to reconnaissance and social engineering. "Searches of Google maps, job boards, pastebin, LinkedIn, Twitter, Facebook, Instagram, recon-ng, metagoofil and spiderfoot; port scanning and banner grabbing using Ncat, Netcat, and Nikto," said Wood, are only some of the tools commonly used.
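The port scanning and banner grabbing Wood mentions, shown as an added example that is not from the article or from First Base Technologies: a small TCP connect scanner in Python that records whatever greeting each open port volunteers and makes a rough service guess from it. To run offline it talks to local stand-in listeners started in threads; the banners, ports and the "example.test" hostname are all constructed, and the service heuristics are an assumption, not a fingerprint database. Point scan() only at hosts you are authorized to test.

```python
"""Minimal TCP port scan and banner grab against local stand-in services.

Added example for this article, not a tool from the piece or from First Base
Technologies. Listeners, ports and banners are constructed so it runs offline.
"""
import socket
import threading
from typing import Dict, Iterable, Optional


def start_fake_service(banner: bytes) -> int:
    """Bind a listener on 127.0.0.1 that greets each client with `banner`,
    then hangs up. Constructed stand-in for a real host; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free one
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed; stop the thread
                return
            with conn:
                if banner:              # a silent service sends nothing
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port() -> int:
    """Find a port nothing listens on, to show what a closed port looks like."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]       # released again when the socket closes


def grab_banner(host: str, port: int, timeout: float = 1.0,
                probe: bytes = b"") -> Optional[str]:
    """Connect, optionally send `probe` (HTTP only talks after a request),
    and read whatever the service volunteers.

    Returns None for a closed or filtered port, "" for open-but-silent,
    otherwise the stripped banner text.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            if probe:
                s.sendall(probe)
            try:
                data = s.recv(1024)
            except socket.timeout:      # open, but said nothing in time
                data = b""
    except OSError:                     # refused, unreachable, or timed out
        return None
    return data.decode("utf-8", "replace").strip()


def classify(banner: str) -> str:
    """Rough service guess from the greeting alone (assumed heuristic)."""
    upper = banner.upper()
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 ") and "SMTP" in upper:   # "ESMTP" matches too
        return "smtp"
    if banner.startswith("220 ") and "FTP" in upper:
        return "ftp"
    if banner.startswith("HTTP/"):
        return "http"
    return "silent" if not banner else "unknown"


def scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """TCP connect scan: {port: banner} for every port that accepts."""
    found: Dict[int, str] = {}
    for port in ports:
        banner = grab_banner(host, port, timeout)
        if banner is not None:
            found[port] = banner
    return found


def demo() -> Dict[int, str]:
    """Stand up three constructed services plus one closed port, scan them,
    and return {port: guessed_service}; the closed port is absent."""
    ports = [
        start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"),      # constructed
        start_fake_service(b"220 mail.example.test ESMTP Postfix\r\n"),  # constructed
        start_fake_service(b""),                                         # open, silent
        free_port(),                                                     # closed
    ]
    results = scan("127.0.0.1", ports)
    return {p: classify(b) for p, b in results.items()}


if __name__ == "__main__":
    for port, service in sorted(demo().items()):
        print(f"{port}/tcp open  {service}")
```

The three outcomes a scanner has to distinguish are all represented: a closed port (connection refused, reported as None and left out), an open port that stays quiet (many services wait for the client to speak first, which is what the probe argument is for), and an open port that announces itself. The greeting is where banner grabbing earns its keep: a version string such as the constructed OpenSSH one is exactly what a red team feeds into the next stage of research.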

Matt Rodgers, head of security strategy at E8 Security, said, "I've done a little bit of both red team and blue team work. To try to figure out what needs to go into the toolbox, they first have to understand their goals. Learn as much as they can about the state of security in the organization, then put those learnings to good use."

For some folks, that response is frustrating because they want answers. "They like to get into the weeds around this particular technical goal," said Rodgers, "but in reality it is a combination of putting people, process, and technology to the test all at once."

Equally important is understanding what physical security looks like. "Some of the social engineering exercises, such as dropping USB sticks in the parking lot, need to be added into the exercises as well," Rodgers said.